Samba 4: Linux Active Directory Server

Linux does have a directory server called OpenLDAP, but it requires good understanding and admin skills. MS-AD has a reputation for ease of use. Samba is a free software re-implementation of the SMB/CIFS networking protocol mainly used by Microsoft. One of the goals of Samba version 4 is to implement an Active Directory compatible Domain Controller. Major features for Samba 4 already include:

support of the ‘Active Directory’ logon and administration protocols

new ‘full coverage’ testsuites

full NTFS semantics for sharing backends

Internal LDAP server, with AD semantics

Internal Kerberos server, including PAC support

fully asynchronous internals

flexible process models

better scalability from micro to very large installations

new RPC infrastructure (PIDL)

flexible database architecture (LDB)

embedded scripting language (ejs)

generic security subsystem (GENSEC)

over 50% auto-generated code!

Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett. More information is available at the Samba 4 wiki and here.

This new implementation is not just about cost but it should provide the following benefits:

I would rather see an open source Directory implementation which is more like Novell’s eDirectory for this one is far more scalable and x509 compliant. Also the use of SLP is far more advanced than DNS imho. But of course this is not going to happen from Samba because then they would totally need to start from scratch.

Don’t get me wrong, I really am happy that Linux will have a decent Directory Service because that is really lacking at the moment. But the world is bigger (and better) than Active Directory.

Offtopic: I am curious how Samba4 will perform in contrast to Domain Services For Windows (DSFW) from Novell. And what Novell’s answer is going to do in response to this.

Offtopic2: I work a lot with Novell products and I tend to like them. So you can qualify me as a fanboy probably ;-).

I agree with Justin about why Linux programs aim for 1:1 compatibility with Microsoft protocols which are never well documented/open at all. Why should change always come from the software side and not from the user side? It’s just a bloody login, how does it matter what authentication is used for your username and password as long as you don’t mess with others’ stuff and others don’t mess with yours.

I ain’t saying not following MS protocol would make things easy, but at least it gives the devs a chance to iron out the rough edges in the design phase itself. Think about it, many Linux tools also suffer from unix tool design anomalies, trying to keep them compatible with the *nix standard.

The sad truth is that so many businesses use Active Directory for managing company users and group policies. It would be nice if Microsoft would release an open source Linux alternative to allow login from Linux boxes so the AD server can control users/permissions on these boxes.

This post/page was created in January 2009. As of now, January 2012, Samba 4 is still alpha. I was pretty excited when I heard about Samba 4 being a full AD compliant domain controller compatible with the new schemas implemented in Windows Server 2008 when I first read about it probably around the same time this page was written but here we are 3 years later where it’s still alpha code and at this point I have lost a lot of respect and hope that Samba will ever be the way to go for this. I’m expecting that by the time they complete this as a final, non-alpha, working piece of code, MS will have released a new version of the OS that implements a new schema that is no longer compatible with the old one and at that point we will have to wait many many more years for Samba to be able to create a compatible interface.

Don’t make up dates – It’s May 2012 now and the wiki states clearly “A date has not been set for an official release” and reiterates its alpha and unfinished state.

I suspect it was just too ambitious – instead of just implementing Kerberos and LDAP they tried to rewrite everything from scratch... and here we are 3 years later no nearer to a release than they were 3 years ago.

@Tony — actually, it is officially in Beta now. I’ve been following the Samba and Samba-technical lists for some time now, and while there still isn’t a hard release date, people in the core development team have been tossing around going into Release Candidate after July, and hopefully a full 4.0 release before the end of the year.

You really should check your facts before simply repeating what you’ve heard other people say. There has been a **LOT** of progress in the past couple of years. The biggest problem is that there have been a couple of significant changes in scope over these three years. The new NTVFS server, which was the *original* point of Samba4, has been sidelined in favor of pulling in a lot of the new file system functionality from Samba3. Instead of focusing on the file shares portion, the greatest effort has been to build up a very solid Active Directory server, complete with embedded Kerberos, LDAP, DNS 9.8, GENSEC, SMB 2.1 (working toward SMB3), replication, the ability to join an existing AD domain as a member server, and a host of other features.

There is a huge amount of work to be done, but at least for the past 12 months, this has been by far the FASTEST moving Open Source project I’ve ever looked into.

Wow!!! Sorry…Just fell into this downloading Pear OS8! Getting tired of MS and the like. My hat’s off to Open Source communities as it is evolving into something really respectable since Fedora 12!!! Can’t wait for Samba 4 RC.